Microsoft is not happy that Google's security folks are finding bugs in Windows (particularly Windows 8) and telling the world about them before Microsoft can fix the problems.

Publicly discussing bugs in this way (in geek-speak, it's called "full disclosure") is not something new or unique to Google. Security researchers have been doing this for ages when they think a software vendor is dragging its feet on fixing dangerous bugs.

The problem here is that Microsoft says it was not dragging its feet.

The flaw was discovered by Google's "Project Zero," which was founded last summer as a group of world-class security researchers looking for security holes in other company's software. The work is generally considered to be a good thing, helping make the internet a safer place.

However, Project Zero has a strict 90-day "fix it or we'll disclose it" policy.

Microsoft says it planned to release a fix for the bug as part of its usual monthly Patch Tuesday cycle in January, two days after Google's 90-day deadline. However, Microsoft also told Google that the patch itself was buggy and would be released in February, according to records made public by Google.

Microsoft tries to release all patches on a predictable monthly cycle, to make it easier on enterprise customers who need to test each patch before deploying it.

On Jan. 15, 90 days after Google first told Microsoft about it, Google disclosed the bug. There was no patch available.

Google/Business Insider Interestingly, these Google security gurus aren't disclosing bugs found in Google's own software in the same way. Their database comes up blank when searching for a list of bugs found in Google software.

The situation has caused Microsoft to cry foul.

In a blog post blasting Google, Chris Betz, a director of Microsoft's own security research group, wrote:

One company - Google - has released information about a vulnerability in a Microsoft product, two days before our planned fix on our well known and coordinated Patch Tuesday cadence, despite our request that they avoid doing so. Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a "gotcha", with customers the ones who may suffer as a result. What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.

It's not likely that many enterprises will be hacked because of Google's decision to release the code before Microsoft could patch it, though that is a risk.

Still, the whole thing shows how businesses are caught in the middle of the games these big competitors are playing.

Popular from BI Prime

Close iconTwo crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.Check mark iconA check mark. It indicates a confirmation of your intended interaction.